
Original Passkey

Hi

I'd like to realize the function below for our product.

  1. The product has a static passkey from the factory.
  2. A user who uses the product will pair it with his smartphone using the factory static passkey.
  3. Then the user updates the static passkey to an arbitrary passkey.
  4. As a result, pairing with the product will be restricted/protected.

Is that possible? Our product is a No-Input and No-Output device.

Are there points to be noted?

Thanks

  • Hi,

    Yes, this is possible. You could store the initial random passkey in the UICR register of the chip during flashing, or at least somewhere non-volatile. After the first pairing, a new value could be written to a certain flash page. The application can then detect if this flash area contains valid data and use that as a static passkey during the subsequent pairing attempts.

    However, I question the motive behind this type of application. It will only help you prevent users from connecting to the wrong device in a multi-device environment. Security will be lower, because the key will be static for a long time and no bond is in place, giving attackers enough time to try every pin. The pairing/bonding procedure is also the most vulnerable period of secure communications, because an eavesdropper could listen in and sniff the keys being used.

    A more secure approach would be to simply bond with really low transmitting power the first time, using the pin code. Subsequent connections would then use the long-term keys exchanged during the bonding.

  • @Yuichi: as mentioned by Ulrich, it's clearly possible. You just have to store a flag in flash or UICR telling that the device has had its first bond and should no longer use the default factory passkey but another passkey set by the end user after bonding to the device.

    If the answer from Ulrich was correct, please mark it as correct and we can close the case.

  • Hi Ulrich, thanks for your comment. My understanding of passkey might be wrong.

  • Hi, thanks for the interesting topic.

    Can we increase the security by restricting the number of wrong passkey entries? (If possible of course) For example, block the BLE device after 50 consecutive wrong passkeys and unblock the device only after 3 consecutive correct passkey entries. The user will hardly type a wrong passkey 50 times, and we still have good security, because with 6 digits we have 1.000.000 possibilities.

  • @Haruthakop: There is only one try per connection. So it will take some time before the attacker can brute force bonding with a device for which it doesn't have a visual of the passkey. You can control the number of tries (connect-bond-disconnect) in the application.

    However, the problem here is the eavesdropper, who can sniff the passkey pairing transmission between the 2 devices and can try all 1.000.000 possible passkeys in a fraction of a second to decrypt the transmission between the 2 devices.

    Next time please don't post your question inside another question. Please create your own question.
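
The passkey selection described in the first reply, combined with the application-side limit on failed pairing attempts mentioned later in the thread, as an added C example that is not code from any poster or from the Nordic SDK. The record layout, magic value, checksum and all function names are assumptions; real firmware would read the record from the flash page and pass the selected passkey to the BLE stack.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define PASSKEY_LEN  6
#define RECORD_MAGIC 0x504B4559u /* constructed marker, not a Nordic value */
#define MAX_FAILURES 50          /* limit proposed in the thread */

/* Hypothetical layout of the flash area holding the user-set passkey. */
typedef struct {
    uint32_t magic;
    uint8_t  passkey[PASSKEY_LEN]; /* ASCII digits, no terminator */
    uint16_t check;                /* inverted byte sum of passkey */
} passkey_record_t;

static uint16_t record_check(const uint8_t *pk) {
    uint16_t sum = 0;
    for (int i = 0; i < PASSKEY_LEN; i++) sum = (uint16_t)(sum + pk[i]);
    return (uint16_t)~sum;
}

/* Erased flash (all 0xFF) or a half-written record must not count as valid. */
bool record_valid(const passkey_record_t *r) {
    if (r->magic != RECORD_MAGIC) return false;
    for (int i = 0; i < PASSKEY_LEN; i++)
        if (r->passkey[i] < '0' || r->passkey[i] > '9') return false;
    return r->check == record_check(r->passkey);
}

/* User passkey when a valid record exists, otherwise the factory one. */
const uint8_t *select_passkey(const passkey_record_t *user, const uint8_t *factory) {
    return record_valid(user) ? user->passkey : factory;
}

/* Builds the record that would be written to flash after the first pairing. */
void make_record(passkey_record_t *r, const char *digits) {
    r->magic = RECORD_MAGIC;
    memcpy(r->passkey, digits, PASSKEY_LEN);
    r->check = record_check(r->passkey);
}

/* Failed-pairing counter; assumed to be kept in non-volatile memory too. */
typedef struct { uint16_t failures; } pair_guard_t;
bool pairing_allowed(const pair_guard_t *g) { return g->failures < MAX_FAILURES; }
void pairing_result(pair_guard_t *g, bool ok) {
    if (ok) g->failures = 0;
    else if (g->failures < MAX_FAILURES) g->failures++;
}
```

How a locked-out device is recovered (for example a physical reset) is a product decision this sketch leaves open.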
